Internet of things (IoT) technology is growing exponentially in almost every
sphere of life. IoT offers several innovative capabilities and features, but
IoT devices are also prone to security vulnerabilities and risks. These vulnerabilities
must be studied to protect these technologies from being exploited by others.
Cryptographic techniques and approaches are commonly used to address
security vulnerabilities. In general, message queuing telemetry
transport (MQTT) is an application layer protocol vulnerable to various
known and unknown security issues. One possible solution is to introduce an
encryption algorithm into the MQTT communication protocol for secure
transmission. This study aims to solve the security problem of IoT traffic by
using a secure and lightweight communication proxy. The communication
broker acts as a network gateway providing secure
transaction keys to all IoT nodes in the network. This work uses a Java servlet
and the elliptic curve cryptography (ECC) algorithm to generate identity
encryption keys in a component-based web transaction infrastructure. This
approach encrypts the data before it is sent via the MQTT protocol to secure
the communication channel and raise the security of device and network
transactions.
1. INTRODUCTION

The internet of things (IoT) is one of the most exciting technologies, connecting the physical world
with digital communications, interactions, transactions, and predictive analytics, and enabling governments
and large corporations to make decisions based on analysis. In the existing digital world, information
security and cybersecurity schemes are used in a thin-layer approach. The former relates to transaction
security, the latter to peripheral devices and central nodes [1]. However, in today's digital world, where
IoT devices operate within industry 4.0, a multi-layered security approach is required, developed in this
study as a secure middleware framework. It has traditionally been assumed that many independent systems and
strategies solve most of these problems independently [2], [3]. Examples include secure bank authentication
schemes using one-time passwords, cryptographic authentication schemes, two-factor authentication,
application-level middleware solutions, and finally, blockchain implementations [4]-[8]. However, none of
these solutions provides built-in security for IoT devices. In the IoT, physical devices combine wireless
sensors to send data to a platform. With advances in IoT processing, devices acting as botnets
increase security risks, which can be dangerous for many people. The most used protocols in IoT are
hypertext transfer protocol (HTTP), extensible messaging and presence protocol (XMPP), constrained
application protocol (CoAP), advanced message queuing protocol (AMQP), and message queuing telemetry
transport (MQTT) [9]. MQTT is popular in IoT devices because it operates with low bandwidth and suits
devices with limited resources. MQTT consists of three primary nodes: publisher nodes, broker nodes, and
subscriber nodes [10]-[13]. The MQTT protocol is not secure for communication, and its traffic is readable
by unauthorized persons. Security for network devices and applications has so far been proposed or applied
as stand-alone approaches at different levels for homogeneous distributed systems. Given the intrinsically
heterogeneous, distributed nature of IoT networks, the IoT regulatory requirements, and the centralized and
distributed deployment scenarios, a security architecture should be provided across the various layers
(physical, network, and application) to achieve the following: secure device provisioning (configuration
with a secure personal identification (SPID) key); secure inter-operability (secure network management
using a middleware broker); and secure device-to-device and service-to-service interactions (inter-device
transactions using a secure middleware broker).

The motivation is to use servlet technology to create a secure SPID system with a private
identification key for IoT communication systems. The system generates encryption keys based on the ECC
algorithm. In this work, a middleware security broker key is proposed for enhanced security and
device/network isolation, protecting the native devices, networks, and transactions in the IoT network
operating at the edge (overlapping region), as shown in Figure 1. In addition, the proposed method can be
implemented alongside various security approaches to enhance security, as supported by [14]-[18].
Figure 1. Proposed middleware security broker key for enhanced security and device/network isolation


The security framework provides a brokerage middleware key solution that runs in parallel and
distributed deployments. Security roles and concerns can be divided into a three-tier model (collection
domain, network domain, and application domain), as shown in Figure 1. The key-based approach used for the
data encryption identification keys is the ECC algorithm. ECC uses a public/private key pair to encrypt and
decrypt the web traffic. ECC is a practical approach to encryption and an alternative to
Rivest-Shamir-Adleman (RSA). It uses an elliptic curve to provide the underlying protection for public-key
cryptography. From a security perspective, the difference between RSA and ECC encryption keys is
significant [19]. Simply put, a 384-bit elliptic curve encryption key provides the same level of security
as a 7680-bit RSA key. Size is an essential characteristic of elliptic curve cryptography, because small
keys improve performance on small mobile devices. ECC is faster and offers greater security with shorter
keys than RSA in a world where mobile devices with lower processing power must perform more encryption [20].
2. THE PROPOSED METHOD

According to the international telecommunication union (ITU), governments and businesses are
increasing their investments in cyber security [21]. However, these statistics have been collected from
mobile operators, internet service providers, and traditional IP networks, which are considered consistent
and homogeneous. The task is more difficult in the internet of things because of limited device
capabilities, heterogeneity, and limited human intervention. In traditional IP-based systems, cyber
security strategies are managed and implemented through rigorous security testing, such as vulnerability
assessment and penetration testing. In IoT-based systems, the limitations of device capabilities, multiple
communication technologies, and lack of standardization expose security vulnerabilities that cannot be
addressed quickly because of the direct impact of penetration testing [22], [23]. Mapping existing IP-based
cyber security models to IoT-based systems requires understanding current security practices outlined in
the confidentiality, integrity, and availability (CIA) model. Existing cyber security networks and their
implementations are loosely coupled with the CIA triad model, which provides a flexible framework for data
availability, integrity, and confidentiality, as shown in Figure 2. The main purpose of this model is to
secure IT systems so that data is always sent to reliable equipment, always available, and always stored in
a location where interventions can be tracked, analysed, and logged [24]-[30]. By 2025, more than 75 billion
devices are expected to be connected to the internet [31]. The gateway supports multiple IP networks and an
extensive network address translation (NAT) storage database. Other aspects to consider are static routes,
static NAT translation, usual NAT translation, and dynamic NAT translation (the amount of memory saved for
time-consuming prompts). Furthermore, new devices are continually added to and removed from the internet.
As a result, existing IP addressing schemes cannot wholly solve the problem of scale. Many security
solutions are currently being proposed at various levels to address the challenges in a network system.
Figure 2. CIA security model


However, there is still no overall security, trust, and compliance model of the kind needed to manage
such large-scale networks capable of executing billions of transactions daily. Our approach builds on these
solutions, deploying a secure data layer API to monitor devices, logs, service contracts, and the
transactions between them. The architecture of the IoT, its applications in all disciplines, and all
related ecosystems are heterogeneous. This diversity needs to be taken into account; the proposed security
agent architecture should consider proper IoT and industrial IoT (IIoT) implementation at all levels to
provide unique security and support. It is also essential to distinguish between traditional IoT devices
and counterfeit devices. The limited computing resources of standard IoT devices make it difficult to
implement traditional security systems (application or hardware-based) such as firewalls. It is also
essential to identify which IoT devices could be impersonated by imitation devices. In this situation, the
proposed middleware broker key is generated for all IoT devices and network gateways. The device or
physical layer is secured by generating a key for each device in the IoT architecture. A unique security
key can identify billions of existing scalable IoT devices and IP traffic [32]-[36]. This study proposes a
brokerage middleware key solution that runs in parallel and distributed deployments. Each IoT device has a
unique security agent ID. These keys are part of the broker, so only devices with the appropriate
information can join or leave the network and exchange information.
2.1. Implementation of key broker using Java servlet and elliptic curve cryptography system

Figure 3 shows the working principle of the proposed middleware security broker key.
As shown in the figure, the entered URL/data is first encrypted with ECC. At the same time, the
record key is identified by a SPID, which is an essential feature of the broker implemented with a Java servlet.
Figure 3. Overall process of proposed middleware security broker key


2.1.1. Elliptic curve cryptography technique 

Elliptic curves underlie ECC, a type of public-key cryptography that works with
public/private key pairs. Today's public key cryptography does not require interaction between two parties
before encrypting a message. Pre-shared keys can be in place before the exchange begins and form the basis
for more secure communication. ECC relies on a trapdoor function: it is easy to calculate in one
direction and difficult to calculate in the other. Deciphering a message is easy and fast for someone who
knows part of the equation (the private key) and difficult otherwise. What makes ECC unique is
the way the numbers used for public and private key pairs are generated. Today's public key cryptography
system, RSA, multiplies two large primes and uses their product to secure communications. In ECC, anyone
who does not know the starting point (private key) sees only a seemingly random point on the graph,
obtained using the properties of the elliptic curve. The curve is represented by the
expression in (1).


$$y^2 = x^3 + ax + b \pmod{p} \qquad (1)$$


where a and b are integers and p is the modulus. The prime number is specified in ECC as k, and the
private key is specified as S.K. The ECC operation is as in (2).


dum = ((Xcube).add(a.multiply(x))).add(b) (2)


The result is taken mod p and compared against Ysquare; the comparison with dum must equal 0. One of the
main advantages of ECC is its small key size, with small storage space and transfer requirements. If the
condition x=y is met, the best point for the elliptic curve (EC) is determined.
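
The curve check of (1) and (2), as an added example rather than the paper's code: it tests whether a received point satisfies the curve equation before it is used as a public key, using the standard NIST P-256 constants (the parameters listed in Table 2) and the toy curve mod 11 from the same table. The class and method names are assumptions made for this illustration.

```java
import java.math.BigInteger;

// Added example (class and method names are assumptions, not the paper's code):
// point validation against y^2 = x^3 + ax + b (mod p), as in (1) and (2).
public class CurvePointCheck {
    // Standard NIST P-256 (secp256r1) domain parameters.
    static final BigInteger P = new BigInteger("FFFFFFFF" + "00000001" + "00000000" + "00000000"
            + "00000000" + "FFFFFFFF" + "FFFFFFFF" + "FFFFFFFF", 16);
    static final BigInteger A = P.subtract(BigInteger.valueOf(3)); // a = p - 3
    static final BigInteger B = new BigInteger("5AC635D8" + "AA3A93E7" + "B3EBBD55" + "769886BC"
            + "651D06B0" + "CC53B0F6" + "3BCE3C3E" + "27D2604B", 16);
    static final BigInteger GX = new BigInteger("6B17D1F2" + "E12C4247" + "F8BCE6E5" + "63A440F2"
            + "77037D81" + "2DEB33A0" + "F4A13945" + "D898C296", 16);
    static final BigInteger GY = new BigInteger("4FE342E2" + "FE1A7F9B" + "8EE7EB4A" + "7C0F9E16"
            + "2BCE3357" + "6B315ECE" + "CBB64068" + "37BF51F5", 16);

    /** True when (x, y) has coordinates in [0, p-1] and satisfies the curve equation. */
    static boolean isOnCurve(BigInteger x, BigInteger y, BigInteger a, BigInteger b, BigInteger p) {
        if (x.signum() < 0 || x.compareTo(p) >= 0 || y.signum() < 0 || y.compareTo(p) >= 0) {
            return false; // unreduced coordinates are rejected, not silently reduced
        }
        BigInteger ySquare = y.multiply(y).mod(p);
        BigInteger xCube = x.multiply(x).multiply(x);
        BigInteger dum = xCube.add(a.multiply(x)).add(b).mod(p); // right-hand side of (1)
        return ySquare.compareTo(dum) == 0;
    }

    public static void main(String[] args) {
        // The P-256 generator must lie on the curve.
        System.out.println("G on P-256:          " + isOnCurve(GX, GY, A, B, P));
        // A constructed point with a modified y coordinate must be rejected before use as a key.
        System.out.println("(Gx, Gy+1) on P-256: " + isOnCurve(GX, GY.add(BigInteger.ONE), A, B, P));
        // Toy curve y^2 = x^3 + x + 6 (mod 11): list every affine point by exhaustive check.
        BigInteger one = BigInteger.ONE;
        BigInteger six = BigInteger.valueOf(6);
        BigInteger eleven = BigInteger.valueOf(11);
        for (int x = 0; x < 11; x++) {
            for (int y = 0; y < 11; y++) {
                if (isOnCurve(BigInteger.valueOf(x), BigInteger.valueOf(y), one, six, eleven)) {
                    System.out.println("toy curve point: (" + x + ", " + y + ")");
                }
            }
        }
    }
}
```

A gateway that accepts public keys from nodes would apply this check (or the equivalent built into its cryptographic library) before any key agreement. P-256 has cofactor 1, so an on-curve point other than the point at infinity is in the correct group.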


2.1.2. Generation of keys 
Two keys are used. The private key is expressed as in (3).


sk = cs.generateKey() (3) 


On the other hand, the public key is expressed as in (4).


pk=sk.getPublic(Q) (4)


The required metric is scaled according to the total task, namely PRIMESECURITY=S00.
- Encryption process

Encryption is one of the most popular data protection methods: confidential messages are encrypted so
that only the intended recipient can access the data. In this proposal, messages are processed block by
block and encrypted using the ECC method. The blocks are indexed by (i, j), where i and j define the row
and column of each standard block. The expression is in (5).


cipher=cs.encrypt(buffer, top, key) (5) 


- Decryption process 
Decryption is the reverse of the encryption mechanism: it transforms the encrypted data back into
plain text. This method uses the private key sk to recover the data, as in (6).


buffer=cs.decrypt(encrypt, key) (6) 
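
The key generation, encryption and decryption steps of (3) to (6), as an added example that is not the paper's code: it uses the standard Java cryptography classes instead of the paper's cs object and shows an MQTT-style payload protected between a node and a gateway. It assumes a hybrid construction (ECDH on secp256r1, SHA-256 as a simplified key derivation, AES-GCM for the payload with the topic bound as associated data); the class name, topic and payload are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (names and construction are assumptions, not the paper's cs object).
public class EccPayloadDemo {
    // Key generation, the role of (3) and (4): one EC key pair on a 256-bit curve.
    static KeyPair generateKeyPair() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        return kpg.generateKeyPair();
    }

    // ECDH shared secret hashed with SHA-256 to obtain an AES-256 key (simplified KDF).
    static SecretKeySpec deriveKey(PrivateKey own, PublicKey peer) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(own);
        ka.doPhase(peer, true);
        byte[] k = MessageDigest.getInstance("SHA-256").digest(ka.generateSecret());
        return new SecretKeySpec(k, "AES");
    }

    // Encryption, the role of (5): returns IV || ciphertext || tag, with the topic as associated data.
    static byte[] encrypt(SecretKeySpec key, String topic, byte[] buffer) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh IV per message; never reuse with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(topic.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(buffer);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Decryption, the role of (6): throws AEADBadTagException if payload or topic was altered.
    static byte[] decrypt(SecretKeySpec key, String topic, byte[] message) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, message, 0, 12));
        c.updateAAD(topic.getBytes(StandardCharsets.UTF_8));
        return c.doFinal(message, 12, message.length - 12);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair device = generateKeyPair();   // sk/pk of the publishing node
        KeyPair gateway = generateKeyPair();  // sk/pk of the receiving gateway
        String topic = "sensors/room1/temp";  // constructed sample topic
        byte[] payload = "{\"t\":21.5}".getBytes(StandardCharsets.UTF_8); // constructed sample payload

        byte[] msg = encrypt(deriveKey(device.getPrivate(), gateway.getPublic()), topic, payload);
        SecretKeySpec gwKey = deriveKey(gateway.getPrivate(), device.getPublic());
        System.out.println(new String(decrypt(gwKey, topic, msg), StandardCharsets.UTF_8));

        msg[msg.length - 1] ^= 1; // simulate a message altered in transit
        try {
            decrypt(gwKey, topic, msg);
        } catch (AEADBadTagException e) {
            System.out.println("altered message rejected");
        }
    }
}
```

Because the payload is authenticated as well as encrypted, a message modified between publisher and subscriber fails decryption instead of yielding altered plaintext.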


2.2. Java servlet technique 

Servlets are server-side Java programs that process data between clients and web
servers, displaying or modifying data interactively using dynamic web page generation technology. The
servlet runs on the server and does not require a graphical user interface. A client program can be a
browser or any other program that can connect to the internet and make requests to web servers. A servlet
responds to a client's request by dynamically generating a response that is returned to the client. Each
client request is represented by a servlet request object (of type ServletRequest), and the response sent
to the client is represented by a servlet response object (of type ServletResponse). Figure 4 shows the
fundamental behavior of the servlet. A servlet can be called multiple times to handle requests from
multiple clients. A servlet can handle multiple requests at the same time and synchronize them. It can also
redirect requests to another server or servlet. To access the servlet, you request a URL that points to the
servlet's location as if it were in a directory on the computer running the web server. Servlets written
in Java are ideal for implementing complex business application logic that allows clients to access
relational databases through dynamic web pages.


Figure 4. Basic servlet function 


3. RESEARCH METHOD 
Figure 5 shows the flowchart implementation of SPID essential broker functions. It consists of: 

— Device ID: the discovery level, which primarily covers access to a physical node, device, or sensor.
Technologies such as RFID, WSN, and GPS collect data that is sent to higher layers for analysis and
intelligent processing. This layer has several unique properties that make it prone to vulnerabilities
and attacks, such as inconsistency, limited computing power, remote deployment, physical damage, and
environmental changes.

— Network ID: the network layer or, more generally, the transport layer, which mainly serves the
application layer by providing ubiquitous access to the knowledge and communication layers. The transport
layer is complex, including many communication technologies (such as LoRa, WiFi, 3G, 4G, ZigBee,
Bluetooth, and others) and various protocols. Communication networks are secure, but the openness and
heterogeneity of IoT devices, their use of information exchange methods, protocols, technology stacks,
and multiple communication technologies can make them vulnerable to attack.

— Application ID: the application tier is mostly considered the most secure, as it operates in a cloud
environment that can provide high analytical and computational capabilities. However, the application
layer is closely tied to the client, as it provides the necessary data or services. One of the biggest
challenges in the IoT is the large amount of information received from sensing nodes, covering personal
(user behaviors displayed via intelligent devices or social network integration), critical (medical
devices), work (smart office and building), industrial, and government or military applications. This
information is highly confidential, presenting a very complex threat surface with data breaches as the
primary threat vectors.

— Transaction key: the transaction key for IoT device-to-device communication acts as an authentication
transaction key. After the device ID, network ID, and application ID are detected, the ECC algorithm
generates the ID transaction key before it is sent to the gateway receiver. The public and private keys
follow a 256-bit elliptic curve, so each ID transaction key generated is unique. Finally, the transaction
ID key is sent to the destination requested by the user.
Figure 5. Flowchart of secure personal identification (SPID) essential broker functions


3.1. Experimental setup 

The testbed for evaluating the performance of the SPID essential broker protocols is described in Table 1.
SPID was implemented with our proposed scheme and that described in [37], based on the Java servlet
platform. The same proposed approach is used to implement the transaction key for communication between
IoT devices. It is safe to assume that each node's private key and the initiator's public key are the data
source. Deriving the key is the responsibility of all responding nodes. Each node can use its secret point
on the elliptic curve [38], [39]. Using a lightweight ECC scheme, it uses the encryption parameters
described in Table 2 to visualize bilinear operations with keys of various sizes [40], [41].
Table 1. System details

| Equipment | Specification |
|---|---|
| Hardware | Intel(R) Core i7-3520M CPU @ 2.90GHz 2.90 GHz |
| Primary Memory Capacity | 4GB |
| Operating System | Windows 10 Enterprise, 64-bit operating system, x64-based processor |
| Java Servlet Version | 4.0 |
| Java Version | 11.0 |


Table 2. Elliptic curve cryptography parameter

| Parameter | Expression | Output |
|---|---|---|
| curve | y^2 = x^3 + ax + b (mod p) | y^2 = x^3 + 1x + 6 (mod 11) |
| Generator | generator = new ECPoint(this, ecp.generatorX(), ecp.generatorY()); | 48439561293906451759052585252797914202762949526041747995844080717082404635286, 36134250956749795798585127919587881956611106672985015071877198253568414405109 |
| Order | order = ecp.order(); | 115792089210356248762697446949407573529996955224135760342422259061068512044369 |
| a | a = new BigInteger("FFFFFFFF"+"00000001"+"00000000"+"00000000"+"00000000"+"FFFFFFFF"+"FFFFFFFF"+"FFFFFFFC", 16); | 115792089210356248762697446949407573530086143415290314195533631308867097853948 |
| b | b = new BigInteger("5AC635D8"+"AA3A93E7"+"B3EBBD55"+"769886BC"+"651D06B0"+"CC53B0F6"+"3BCE3C3E"+"27D2604B", 16); | 41058363725152142129326129780047268409114441015993725554835256314039467401291 |
| p | p = new BigInteger("FFFFFFFF"+"00000001"+"00000000"+"00000000"+"00000000"+"FFFFFFFF"+"FFFFFFFF"+"FFFFFFFF", 16); | 115792089210356248762697446949407573530086143415290314195533631308867097853951 |
| gx | gx = new BigInteger("6B17D1F2"+"E12C4247"+"F8BCE6E5"+"63A440F2"+"77037D81"+"2DEB33A0"+"F4A13945"+"D898C296", 16); | 48439561293906451759052585252797914202762949526041747995844080717082404635286 |
| gy | gy = new BigInteger("4FE342E2"+"FE1A7F9B"+"8EE7EB4A"+"7C0F9E16"+"2BCE3357"+"6B315ECE"+"CBB64068"+"37BF51F5", 16); | 36134250956749795798585127919587881956611106672985015071877198253568414405109 |
| n | n = new BigInteger("FFFFFFFF"+"00000000"+"FFFFFFFF"+"FFFFFFFF"+"BCE6FAAD"+"A7179E84"+"F3B9CAC2"+"FC632551", 16); | 115792089210356248762697446949407573529996955224135760342422259061068512044369 |


4. RESULTS AND DISCUSSION 


The SPID broker evaluated the transaction key using the ECC algorithm. When the SPID broker
receives the URL/data, the device, network, and application identities are discovered via cellular,
edge, gateway, or relay. The system is built using the Scapy Python program and runs in a Java servlet
program package. Scapy is a library written in Python, with a command-line interpreter (CLI), to create,
modify, send, and capture network packets. It can be run interactively through the command-line interface
or imported into Python and used as a library. The main advantage of Scapy is that, unlike other low-level
tools, it lets you modify network packets to use existing network protocols and define parameters as needed
[42]-[44]. After the device, network, and application IDs produce the output shown in Figures 6-8,
respectively, the transaction key system checks the overall risk severity. The application functions
related to authentication and management must be implemented correctly so that attackers cannot
compromise passwords, keys, or session tokens, or exploit other implementation flaws to take over another
user's identity temporarily or permanently, before the ECC algorithm generates the key.

Figure 6 shows the device ID system output; the system runs in a Java servlet. It detects the MAC address
and name of devices, so the transaction key system knows which devices the data to encrypt and decrypt
comes from. The network ID system output is displayed in Figure 7; it also runs in a Java servlet. The
transaction key system knows the data from the network ID system because it detects the IP address location.


User=SPID
Device=Found 3 devices
Device= 1C:3E:84:3D:C5:20 - KJ
Device= 89:94:68:31:FF-B9 - Tango neo 7
Device= 41:42:19:BD:DC:6D - Galaxy Buds


Figure 6. Device ID output 

190.0.2.2 52:54:00:12:35:02
10.0.2.3 52:54:00:12:35:03 
190.0.2.4 52:54:00:12:35:04 


Figure 7. Network ID output 


The application ID system detects data downloaded from any URL. From the output shown in
Figure 8, the transaction key system knows the type of data and the content length of the data transfer.
The device, network, and application ID information is collected before the transaction key performs the
encryption and decryption process, as shown in Figure 9. All of this information is essential to ensure
the URL/data is secure.


Content-Type = application/octet-stream
Content-Length = 32
Content-Disposition = null
fileName = latest.csv
File downloaded
BUILD SUCCESSFUL (total time: 1 second)

Figure 8. Application ID output


Writing Secret key
Writing Public key
Encrypting: AJK.docx -> AJK.docx.enc ...OK
Decrypting: AJK.docx.enc -> AJK.docx.dec ...OK
Reading Public key
sk is:ecc.rsa.RSAKey@2ef614f8
Reading Secret key
sk is:ecc.rsa.RSAKey@3839e5b1

Figure 9. Display output of the keys


5. CONCLUSION 

In this article, we proposed a secret identification key (SPID) system for IoT communication systems.
The system generates an encryption key based on the ECC algorithm. This work secures native devices,
networks, and transactions in a running IoT network using a middleware security broker key to improve
device/network isolation and security. This approach allows the level of the security model to be
optimized to match the security needs of device and network transactions while maintaining scalable and
manageable security features. In the future, the SPID system will be extended to include an IoT
application system in order to assess the proposed system's efficiency.